When monitoring a link, we often create triggers that raise an alarm only when the link drops completely or reaches its maximum capacity. But what if the link suffers only a partial drop, or a degradation? For that case, we can create a trigger that raises an alarm when the graph drops by more than 30% compared to the last 15 minutes, or one that detects a drop of more than 60% by comparing the last collection with the same time 7 days ago.

– Partial drop of 30%

To create this trigger we will use the following structure for the “download” traffic:

{host:net.if.in[ifHCInOctets.OctetoDoItem].last()}<0.7*{host:net.if.in[ifHCInOctets.OctetoDoItem].avg(15m)} and {host:net.if.in[ifHCInOctets.OctetoDoItem].last()}>=100M

And the following structure for the “upload” traffic:

{host:net.if.out[ifHCOutOctets.OctetoDoItem].last()}<0.7*{host:net.if.out[ifHCOutOctets.OctetoDoItem].avg(15m)} and {host:net.if.out[ifHCOutOctets.OctetoDoItem].last()}>=100M

Replace “host” with the name of the host the trigger is created for, and replace “OctetoDoItem” with the octet number of the item to be monitored; the octet uniquely identifies each item. The last condition uses the same threshold that is used to detect a total drop of the link, and requires the traffic to stay at or above it, so that the partial-drop trigger is not active at the same time as the total-drop trigger.

– Partial drop of 60%

To create this trigger we will use the following structure for the “download” traffic:

{host:net.if.in[ifHCInOctets.OctetoDoItem].last(#1)}/{host:net.if.in[ifHCInOctets.OctetoDoItem].last(#5040)}<=0.4 and {host:net.if.in[ifHCInOctets.OctetoDoItem].last(#2)}/{host:net.if.in[ifHCInOctets.OctetoDoItem].last(#5041)}<=0.4 and {host:net.if.in[ifHCInOctets.OctetoDoItem].last(#3)}/{host:net.if.in[ifHCInOctets.OctetoDoItem].last(#5042)}<=0.4 and {host:net.if.in[ifHCInOctets.OctetoDoItem].last(#4)}/{host:net.if.in[ifHCInOctets.OctetoDoItem].last(#5043)}<=0.4 and {host:net.if.in[ifHCInOctets.OctetoDoItem].last(#5)}/{host:net.if.in[ifHCInOctets.OctetoDoItem].last(#5044)}<=0.4 and {host:net.if.in[ifHCInOctets.OctetoDoItem].last()}>50M

To create this trigger we will use the following structure for the “upload” traffic:

{host:net.if.out[ifHCOutOctets.OctetoDoItem].last(#1)}/{host:net.if.out[ifHCOutOctets.OctetoDoItem].last(#5040)}<=0.4 and {host:net.if.out[ifHCOutOctets.OctetoDoItem].last(#2)}/{host:net.if.out[ifHCOutOctets.OctetoDoItem].last(#5041)}<=0.4 and {host:net.if.out[ifHCOutOctets.OctetoDoItem].last(#3)}/{host:net.if.out[ifHCOutOctets.OctetoDoItem].last(#5042)}<=0.4 and {host:net.if.out[ifHCOutOctets.OctetoDoItem].last(#4)}/{host:net.if.out[ifHCOutOctets.OctetoDoItem].last(#5043)}<=0.4 and {host:net.if.out[ifHCOutOctets.OctetoDoItem].last(#5)}/{host:net.if.out[ifHCOutOctets.OctetoDoItem].last(#5044)}<=0.4 and {host:net.if.out[ifHCOutOctets.OctetoDoItem].last()}>50M

As with the 30% trigger, replace “host” with the name of the host the trigger is created for, and replace “OctetoDoItem” with the octet number of the item to be monitored; the octet uniquely identifies each item. The last condition uses the same threshold that is used to detect a total drop of the link, and requires the traffic to be greater than it, so that the partial-drop trigger is not active at the same time as the total-drop trigger.

Operation of each trigger

The 30% partial drop trigger works as follows: it compares the last collection from Zabbix with the average of the collections of the last 15 minutes. If the last collection shows a drop of 30% relative to that average, and there has not been a total drop, an alert is issued to us.

The 60% partial drop trigger works by comparing the last 5 Zabbix collections with the collections of 7 days ago at the same time.
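The following offline model of both expressions is an added example, not part of the original article and not Zabbix code. It assumes a 2-minute item interval (the interval at which value #5040 is 7 days old) and constructed traffic values; the function names are hypothetical.

```python
M = 1024 * 1024  # assumption: Zabbix "M" suffix; results here do not depend on it

def partial_drop_30(history, interval_s=120, floor=100 * M):
    """Model of: last() < 0.7 * avg(15m) and last() >= 100M (history newest first)."""
    window = history[: (15 * 60) // interval_s]   # samples inside the 15-minute window
    if not window:
        return False                              # no data, nothing to compare
    last = history[0]                             # avg(15m) also contains this value
    return last < 0.7 * sum(window) / len(window) and last >= floor

def partial_drop_60(history, offset=5040, checks=5, floor=50 * M):
    """Model of: last(#k) / last(#5039+k) <= 0.4 for k = 1..5, and last() > 50M."""
    if len(history) < offset + checks - 1:
        return False                              # under a week of history collected
    for k in range(checks):
        week_ago = history[offset - 1 + k]        # last(#5040) is list index 5039
        if week_ago == 0:
            return False                          # model's choice: ratio undefined, no alarm
        if history[k] / week_ago > 0.4:
            return False                          # one healthy sample clears the alarm
    return history[0] > floor

def demo():
    """Constructed traffic: a link that normally carries 400M."""
    steady = [400 * M] * 5044
    return {
        "30%: 400M -> 250M": partial_drop_30([250 * M] + steady),
        "30%: 400M -> 270M": partial_drop_30([270 * M] + steady),
        "30%: 400M -> 80M": partial_drop_30([80 * M] + steady),
        "60%: five samples at 150M": partial_drop_60([150 * M] * 5 + steady),
        "60%: only four samples at 150M": partial_drop_60([150 * M] * 4 + steady),
        "60%: five samples at 40M": partial_drop_60([40 * M] * 5 + steady),
    }

if __name__ == "__main__":
    for name, fired in demo().items():
        print(f"{name}: {'ALARM' if fired else 'ok'}")
```

Because the latest value is itself part of the 15-minute average, the 270M case (a 32.5% drop) does not fire in this model, while the 80M and 40M cases are left to the total-drop trigger.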

Difference between triggers

We use the 30% partial drop trigger to discover a sudden drop, while we use the 60% trigger to compare the traffic with the previous week, to know when there is a drop in traffic from one week to the next.

Remember that we offer 24×7 monitoring, and this article was written by our monitoring manager. If you don’t want to have to worry about your network, we invite you to learn a little more about our work with Made4Noc.